Apple has quietly opened its bug bounty program for everyone who could spot issues on the latest publicly available versions of its software products. Payout for researchers who will share their findings including a working exploit may receive up to $1.5 million (via 9to5Mac).
According to an Apple Security Bounty page, only issues affecting the latest versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration will qualify for the program. The same applies to Apple"s newest publicly available hardware, but only on relevant cases.
To be eligible for the program, researchers must be the first party to report a bug to Apple, present a detailed report with an actual exploit, and agree to keep the issue secret until Apple releases a security advisory and a fix. Regarding bounty payments, Apple will pay from $100,000 to $1 million, depending on "the level of access or execution achieved by the reported issue, modified by the quality of the report."
In addition, the company promises a 50% bonus payment for bug hunters who could uncover issues unknown to Apple "and are unique to designated developer betas and public betas, including regressions". Also, Apple will match donations of the bounty reward to selected charities. Initially announced in August of this year, the program aims to protect customers from security risks by gaining insights into both vulnerabilities and their exploitation techniques.